A few months ago I wrote about some of the dangers in using public WiFi hotspots (http://mavidea.com/media/mavlog/10-07-01/Using_public_WiFi_hotspots_securely_part_1.aspx) The article was received well and customers asked me questions, which is exactly what I wanted. Security is an ongoing discussion that never ends.
A few weeks ago, Starbucks made WiFi free in all of their stores (http://www.starbucks.com/coffeehouse/wireless-internet). This is a good thing for all travelers on the go – I have to tell you that I took advantage of it recently when I was in Seattle. The hotel wanted $14.95 for Internet access and I only needed to look up a couple of email, so I rolled down to the Starbucks on the corner (there a just a couple of Starbucks in Seattle…. J ). For me it is second nature to be secure on wireless – I fired up my laptop, connected to the wireless, and then clicked on the link to start a VPN tunnel back to the Mavidea offices. It took me all of 30 seconds because it is set up correctly.
It’s actually becoming really easy for businesses to get their employees set up for secure VPN. Here are some of the options:
- VPN to the firewall. Most commercial firewall have built in VPN support for 1-2 users at a time. Mavidea uses SonicWALL for all of our customers, and all of the SonicWALLs ship with support for 2 users at a time. One of the features we love about SonicWALL is that users have the exact same username and password to log in to the VPN as they do to log in to their laptop. It makes it a lot easier to prevent lost passwords.
- VPN to a VPN Concentrator. For organizations that have a lot of people who need to VPN in at the same time, I recommend a VPN Concentrator. All it does is remove the burden of handling the VPN connections and moves it to a dedicated hardware appliance. Lots of manufacturers make these, but again Mavidea chooses SonicWALL, and we use their 20 session VPN concentrator internally.
- Server 2008 R2 Direct Access. Microsoft has recognized the increasing mobile nature of works and has implemented a system to help users be secure. VPN to the firewall and VPN to a VPN Concentrator work great, but they both require the user to remember to start the VPN session. Direct Access, a new server role in Server 2008 R2 remotes the “human factor”. As soon as a user on a properly configured Windows 7 laptop connects to the Internet, they automatically start a secure VPN-like encrypted session to the Direct Access server back at the office. This also makes it a lot easier on the user to access their home folders, email boxes, and SharePoint sites at the office as they are automatically reconnected.
- Worst case scenario, if none of these other solutions will work, you can sign up for a VPN service. Most of them are around $10 per month. What you do is install their client, and then VPN to them for secure access. Of course, since you aren’t VPNing into your corporate network, you won’t have access to any of your file shares, but at least all of your emails won’t be open for the world to read!
Disclosure – these are not all of the options that exist. There are VPN options out there specifically for home use, or if you are geeky-minded, there are solutions that require you to set up a VPN server internally on an old desktop or something. These 4 are Mavidea’s choices for secure VPN access from vendors that provide updates/upgrades as technology evolves, and support for when things just don’t want to work correctly.
Have a great (and secure!) day!
Jamie
